[Field of the Invention]
The present invention relates to an information processing device, an authorization system, an information processing method, and a recording medium.
[Description of the Related Art]
In a system handling important electronic data such as individual information or the like, encrypting the data does not sufficiently reduce the risk of information leakage, because the data may be decrypted or the encryption key may leak. A secret sharing scheme is known as a technique for solving this problem. The secret sharing scheme divides important data into a plurality of data pieces that are not directly connected to the original data, and has the characteristic that even if a third person acquires some of the data pieces, the third person cannot restore the important data.
Patent Document 1 and Patent Document 2 disclose data distribution and save systems in which a plurality of data pieces are generated from important data using the secret sharing scheme and distributed and saved in servers on a plurality of data centers (hereinafter, referred to as DCs).
[Patent Document 1] Japanese Laid-open Patent Publication No. 2013-120515
[Patent Document 2] Japanese Patent No. 4860779
In an object management system which divides an object into a plurality of object pieces and distributes and saves the object pieces in save servers included in the plurality of DCs, a user usually needs to individually perform user authentication for each of the DCs or the like. In this case, a single sign-on technology is often used to prevent complication of authentication processing. Patent Document 2 discloses a single sign-on technology that holds different password information for the server of each of the DCs and individually performs authentication processing.
However, since the password information is held in each server, update processing also occurs in each server when the information is updated. Further, operation and maintenance of each server become complicated. A conceivable alternative is a method in which specific servers, such as authentication and authorization servers, perform authentication and authorization and then transfer information on the results to the other servers by communication between the servers, but this method has the problem of requiring much time for communication processing when the communication speed between DCs is low.